Slashdot Mirror
Geer Comments On Firing From @Stake
dwbryson writes "Last week Dan Geer, co-author of the CCIA Microsoft security report, was fired from @stake for expressing 'values and opinions [of the report] not in line with @stake's views.' Now Geer has been talking to eWeek and comments on his dismissal."
While it's true MS is a tad "forceful" diversification isn't the real solution to the problem.
.NET makes every XML transaction cost less [or whatever]....
Having sys-admins who do their jobs instead of whining about patching will fix *many* windows related problems.
I think it's a matter of using the right tools for the job. Secretaries shouldn't have to learn userland *nix just to type up a TPS cover sheet for their weekly memos.
Likewise some network admin shouldn't be forced to use WinXP just because the latest
That being said you can run GNU/Linux and get rooted just as easily as you could with Windows if you don't patch your system.
Tom
Someday, I'll have a real sig.
Let's get it right. This is not a 'free speech' issue. It is an corporate and scientific honesty issue. In fact, it was the employer excercising their rights to fire an employee for making statements they didn't like, and it affirms, rather than denies the Bill of Rights. You may not like that, but that's the way it is. The First Amendment restricts government, not employers. Therefore, Gere's employers were within their Constitutional rights to let him go for not toeing the company line. In doing so, they discredit themselves and the rest of us can exercise OUR rights to take anything they say with a grain of salt, realizing as we do that they're in a certain corporation's pocket. You can wave the Constitution in the face of private industry all you like...but it doesn't apply, and it just gets tiresome.
This one is going to pass just like every other Microsoft injustice.
I'm ashamed of our academics, as cited in the article. He apparently went to get 9 to sign onto that paper and all declined because of funding issues.
What's the point of tenured academics if they are going to be afraid of losing corporate grants and therefore are squelched?
Yet another reason I hate academia, besides that one class...
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
This shows once more that Microsoft has become too dominant. If even the security companies can no longer speak freely without endangering their existence (and that's why they fired Dan Gear) then what kind of free speech do you really have? Only the kind you can buy...
Irrespective of whether Microsoft had anything to do with the firing, a company such as @stake should stand by its employee and its own credibility...
Why should companies trust future research from @stake? Should existing employees be watching their backs? Bad smell all around!
unfair dismissal
While I don't really like the idea of someone getting let go for speaking their mind, what's unfair about it? His company clearly has ties to MS, and he jeopardized those ties with his statements. If it were his own company, he could have felt free to say anything about anyone he wanted to, and dealt with the aftermath of his comments on his own. But it was someone elses company... someone who was (yuck) concerned about their business relationship with Microsoft.
While the first amendment gives every American the freedom to express their beliefs/thoughts and guarantee no retribution from the government, it gives us no protection from employers.
Here's a proof. Go to your boss. Call that boss every foul word you can think of, and then say you were exercising your freedom of speech. Better yet, do it over an intercom at work, broadening your audience. You will probably be fired, but not wind up in court.
When you work for someone else, you have to play by their rules. Sometimes those rules allow for changes to be made by going through said company's proper channels, sometimes there is no room for discussion at all. Any way you look at it, they are the ones who have bestowed the job.... not the other way around.
I think the problem this guy ran into was the size of his audience. Maybe when he spoke at conferences about security and Windows (oxymoron that it is), his user base was a select group, and small by comparison. But in print, your audience can be unlimited, and so can the damages of your statement.
Saying Android is a family of phones is akin to saying Linux is a family of PCs.
You are exactly right on this. The only damage done here is to the credibility of @stake and to Microsoft, and that is self-inflicted.
Was it right for @stake to fire Geer? I don't think so. However, it's not illegal (as far as I know; IANAL).
There's an old adage that says "If you take the king's shilling you become the king's man". @Stake has just loudly announced that they are little more than another Gartner. Why should anyone take any pronouncements they make seriously? Especially since we know they are adverse to offending MS. Someone last week put it best: "l0pht is getting s0pht."
Anyway, @Stake did not "bestow" the job on Geer. He was a founding member and it become politically incorrect for him to do something he had always been doing. He is correct in that we have a very large problem. When tenured academics scuttle about in fear of MS, we definitely have a problem.
Amen to this - I was about to post on the same lines.
In many ways the most sinister bit is towards the bottom, where he tried to get a number of academics to co-sign the paper with him. None felt able to. They all had tenure, which is supposed to allow academics to be free of the pressures that make employees keep quiet about problems, but they were afraid for their funding, which comes from industry and is not tenured. An academic who says the wrong thing may not be out on the street touting for work, but with no research funding in an expensive subject like CS, he is reduced to a schoolteacher.
This is a case where more non-commercial funding is needed. Which usually means goverment funding. But on secutiry issues, the government is also a very interested party and is likely to step on the "wrong sort" of research (e.g. research that might block loopholes used by NSA, but potentially usable by black hats).
Part of the problem is again the size of one giant customer. If the industry were more diviersified commercially (as opposed to technically), a small organisation could take the risk of offending a proportion of the market in order to be seen as frank an knowledgeable by the remainder. But with M$ being the slarges customer for just about anything, as well as the largest supplier, any profit-driven organisation has to think of its opinion.
Consciousness is an illusion caused by an excess of self consciousness.
You seem to be implying that the boss is doing a favour to the workers by giving them a job, rather than the way it really is. The workers' labour is worth more to the company than the company's wages are to the workers. As long as I've a hand on each arm and a head on my shoulders, I won't go short. A boss hasn't that luxury .....
It is still unfair dismissal. As long as his name was on the report, then the report is his words, not his employer's, and if someone can't understand, well, that's their problem. You cannot be dismissed from a job simply for disliking your boss, otherwise there would be many more on the dole than working.
In my last job, I made no secret what I thought of my boss. My co-workers {as, one by one, they left the company; some had nervous breakdowns, some got other jobs, some were desperate enough that they would forego six weeks' giro by leaving a job voluntarily; one went into what he described as a less stressful job - teaching!} felt the same way. In this job, I'm fortunate to have a boss I get on with really well. Even if I didn't, that would not be grounds for dismissal.
Also, there is a commonly-overlooked defence to libel, and that is that it was true.
Je fume. Tu fumes. Nous fûmes!
The supervisors blamed the workers for being stupid and lazy. The supervisors of course hadn't done any real work in a couple of years. When I actually went to the line I saw processes that may have been good enough a few years ago, but were not now.
The problem was that the company needed more people to run the line, the line needed to run most of the time 24 hours a day seven days a week, and product needed to be shipped on a more exacting schedule. The two biggest problems were that certain steps which required some precision would have had to be made more fault tolerant so that people with less training could do them, and other steps had to be made more reliable because there wasn't time to go back and fix things after the line shut down.
Which is where I think MS is now. The update process is not suited to the current use patterns or the people using them. Take the current auto-update for home users. There are many home users that are on dial-up with a single phone line in their house. They log on for like 20 minutes a day to check email and load a web site or two. These people might not want to tie up the line for the hour it takes to do an update. They are precisely the people that would open an infected email, which would then have plenty of time to spam the victims address book.
Production updates are the same thing, especially at small companies with several computers, broadband, and a single paid low paid IT worker. Is this worker going to stay after work on the day of the update to fix all the computers. If the company is running a website locally, is the boss going to let that site go down for the hour it takes to update, or is the boss going to want to wait until the IT worker can come in late one weekend to do it? Is that worker going to be competant to deal with any other patching that might be needed after the upate?
Again, it is easy to complain the workers are lazy and stupid. It is much harder to take responsibility as a supervisor or manager and realize that it is your responsibility to create a structure in which certain things will happen. Most supervisors and managers are just as lazy as the workers, and so don't take this responsibility.
Of course, the issue is widespread. IIRC, the original article said the problem was MS was so dominant such attacks were possible. All I am saying is they need to get off their lazy asses, use some of the billions, and develop processes that allows the stupid and lazy production line programmer to create secure code. They obviously can do this, as they have created plenty of processes that allows the untrained programmer to create useful code.
"She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
I must disagree...
@Stake is supposed to be a security research and consulting firm. How is any research out of this company ever to have even one ounce of credibility again? I realize Mr. Geer's paper was not published as an "official" company report, but they were angry based on the fact that his paper might "appear" to be At Stake's opinion.
So if At Stake is so concerned about ruffling Microsoft's feathers that a report they DIDN'T EVEN WRITE causes the firing of a senior, uber-experienced employee with a vast repository of knowledge to draw on, how do we know their reports aren't already being slanted to avoid offending "partner" Microsoft?
His firing is tantamount to killing the messenger for a message they didn't like. Sorry, but as an employee I resent the idea that if I do something on my own time and dime that offends somebody inside some business partner's corporate structure, I could lose my job. In this economy, that is a pretty chilling statement, President Bush's assinine assertions that "Everything is okay!" aside...
Who did what now?
First of all, Geer just became a martyr of sorts. As he is practically the creator and one of the more important celebrities in the security field, he's not wanting for job offers or opportunities. He'll probably just make his own.
Whether or not Microsoft had anything to do with his firing, directly or not, is somewhat irrelevant. Sure it adds more fuel to the "we hate Microsoft" fire but outside of that it proves nothing except that @Stake is driven by their sponsors and not by the ideal of exposing the truth. This makes @Stake a security company that isn't secure in its convictions. Security you cannot trust.
Geer, on the other hand, has proven himself to be unshakeable from the pursuit of the truth. He is unshaken by political and financial forces and the industry will see that, like it or not, his opinions can be trusted.
Generally, this is a good thing for him and the business of security. The more high-profile these matters become, the more public opinion will influence commerce in these matters.
It is hard for the American heart to forgive even perceived violation of the free speech ethic. We believe we can say whatever we want whenever we want so long as it is the truth. The public perceives the "breech" of the free speech ethic as a bad thing. "Oh look honey, this bad company fired this man because he was doing what he was hired to do and they didn't like the truth." That's the message most people will receive in this case I believe.
They probably fired him because they knew they couldn't get him to retract anything he said.
I don't know of a single religious zealot who wants to prevent Darwin's theory of evolution from being talked about
There have been teachers in US courts of law because they told their students about Darwin. That enough for you?
The problem the religious zealots have is that the Darwinian's are preventing creationist theories from being talked about.
Religious zealots do not like science, because there is no 'believing' involved. Also Darwinist, being scientists, do not have as extreme prejudice in discussions as religious zealots. Scientists change their pov when they are proven wrong, they do not run away with fingers in their ears like some others do. Has there ever been a creationist in a court of law for telling about the Adam & Eve story?
In an education environment, it's quite reasonable to expect that both theories be taught. (Yes, they are both theories. There is nothing scientifically factual about evolution whatsoever.)
Yes, and the earth existing for only 4000 years is also a theory? No. In no way. A theory is supported by evidence and/or objective reasoning and/or perceptions. Basically the only thing creationists have is: "Well, there are all these creatures, they _must_ have been created.". They never have a decent explanation for exinct creatures (did God make a mistake?), nor for the fact that species change over the course of many generations (God making a mistake again? His design was not perfect), nor for the fact that several million years ago the bio-diversity was much, much lower (God making a mistake again, not having created enough species).
Wenn ist das Nunstueck git und Slotermeyer? Ja! Beiherhund das Oder die Flipperwaldt gersput.
Umm, if memory serves, the l0pht was, well, absorbed into @stake. That is, what was the l0pht became part of @stake, but @stake isn't just "the legitimate front for the [cr|h]ackers formerly known as the l0pht".
Remember their tagline? MS: "That vulnerability is completely theoretical." The l0pht: "Making the theoretical practical since (some year)." I'd be willing to bet that not all the people within @stake are very happy about this decision, just like there's probably a few VeriSign employees that aren't totally happy with SiteFinder.
I wonder when one of 'em will actually stand up and say it.